Dcc exploit catcher

By _dead on Jan 30, 2007

/debug -i NUL DCCWorkaround

alias DCCWorkaround {
  if ($regex($1, /^<- :([^!]*)![^@]*@[^ ]*\s*PRIVMSG\s*(\S*)\s*:\001\s*DCC\s*(SEND|RESUME).*"(?:[^" ]*\s){32}.*$/i)) {
    var %nick = $regml(1), %type = $regml(3)
    .ignore -tdu60 *
    set %a $comchan(%nick,0)
    :1
    if (%a > 0) {
      if ($me isop $comchan(%nick,%a)) {
         ban -ku600 $comchan(%nick,%a) %nick DCC %type Exploit detected, banned 10mins. | dec %a | goto 1 
      }
      if ($me !isop $comchan(%nick,%a)) { dec %a | goto 1 }
    }
    if (%a = 0) { unset %a | halt }
  }
}
on *:start:.debug -i NUL DCCWorkaround

_dead

Like Page Follow Author

Comments

Sign in to comment.
jaytea   -  Mar 11, 2007

that\'s not the same DCC issue that this detects.

this deals with a specific exploit in mirc that was around in earlier 6.xx versions. if you understood the code you\'d realize what it\'s checking ;>

 Respond  
F*U*R*B*Y*   -  Mar 10, 2007

not all, jaytea, if your the same jaytea that goes on SwiftIRC and EuphoriaIRC if you type DCC SEND djhsdjfkhgjkdfhjgkhasdf in the channel, Fear drops and so does many others..... great if Fear really annoys you :P

 Respond  
RoninWarrior   -  Jan 30, 2007

I thought the dcc exsploit was fixed already?

 Respond  
RussellReal   -  Jan 30, 2007

Jaytea ftw lol

 Respond  
jaytea   -  Jan 30, 2007

looks to be a modified version of a piece of Olathe\'s DCC exploit fix, one version of which is at http://www.bluetack.co.uk/forums/index.php?showtopic=2844

you really should give credit to your sources :P although you are a couple of years late, this vulnerability has long since been corrected

 Respond  
Are you sure you want to unfollow this person?
Are you sure you want to delete this?
Click "Unsubscribe" to stop receiving notices pertaining to this post.
Click "Subscribe" to resume notices pertaining to this post.